summaryrefslogtreecommitdiff
path: root/test/parallel/test-tls-set-secure-context.js
blob: f8857701c68b3c94c42849bc5bf8aeef483908ae (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

'use strict';
const common = require('../common');

if (!common.hasCrypto)
  common.skip('missing crypto');

// This test verifies the behavior of the tls setSecureContext() method.
// It also verifies that existing connections are not disrupted when the
// secure context is changed.

const assert = require('assert');
const https = require('https');
const fixtures = require('../common/fixtures');
const credentialOptions = [
  {
    key: fixtures.readKey('agent1-key.pem'),
    cert: fixtures.readKey('agent1-cert.pem'),
    ca: fixtures.readKey('ca1-cert.pem')
  },
  {
    key: fixtures.readKey('agent2-key.pem'),
    cert: fixtures.readKey('agent2-cert.pem'),
    ca: fixtures.readKey('ca2-cert.pem')
  }
];
let firstResponse;

const server = https.createServer(credentialOptions[0], (req, res) => {
  const id = +req.headers.id;

  if (id === 1) {
    firstResponse = res;
    firstResponse.write('multi-');
    return;
  } else if (id === 4) {
    firstResponse.write('success-');
  }

  res.end('success');
});

server.listen(0, common.mustCall(() => {
  const { port } = server.address();
  const firstRequest = makeRequest(port, 1);

  async function makeRemainingRequests() {
    // Wait until the first request is guaranteed to have been handled.
    if (!firstResponse) {
      return setImmediate(makeRemainingRequests);
    }

    assert.strictEqual(await makeRequest(port, 2), 'success');

    server.setSecureContext(credentialOptions[1]);
    firstResponse.write('request-');
    await assert.rejects(async () => {
      await makeRequest(port, 3);
    }, /^Error: self signed certificate$/);

    server.setSecureContext(credentialOptions[0]);
    assert.strictEqual(await makeRequest(port, 4), 'success');

    server.setSecureContext(credentialOptions[1]);
    firstResponse.end('fun!');
    await assert.rejects(async () => {
      await makeRequest(port, 5);
    }, /^Error: self signed certificate$/);

    assert.strictEqual(await firstRequest, 'multi-request-success-fun!');
    server.close();
  }

  makeRemainingRequests();
}));

function makeRequest(port, id) {
  return new Promise((resolve, reject) => {
    const options = {
      rejectUnauthorized: true,
      ca: credentialOptions[0].ca,
      servername: 'agent1',
      headers: { id }
    };

    https.get(`https://localhost:${port}`, options, (res) => {
      let response = '';

      res.setEncoding('utf8');

      res.on('data', (chunk) => {
        response += chunk;
      });

      res.on('end', common.mustCall(() => {
        resolve(response);
      }));
    }).on('error', (err) => {
      reject(err);
    });
  });
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-16 00:00:08 +0000